Security & MFA

Opally takes security seriously. This page covers authentication, multi-factor authentication, and security best practices.

Authentication

Email & Password

New users sign up with:

Email address
Password (minimum 8 characters)
Accept Terms of Service and Privacy Policy

Multi-Factor Authentication (MFA)

Opally supports MFA for additional account security:

Go to Settings > Profile tab
Find the Security section
Click Enable MFA
Scan the QR code with an authenticator app
Enter the verification code
Save backup codes

Recommended: Enable MFA for all admin accounts.

Supported Authenticator Apps

Google Authenticator
Microsoft Authenticator
Authy
1Password
Any TOTP-compatible app

MFA Backup Codes

When enabling MFA, you'll receive backup codes. Store these securely – they're needed if you lose access to your authenticator app.

Data Security

Encryption

All data is encrypted in transit (TLS 1.3)
Sensitive data is encrypted at rest (AES-256-GCM)
API keys and tokens are stored securely

OAuth Integrations

Email integrations (Gmail, Outlook) use OAuth 2.0:

Opally never sees your email password
You can revoke access at any time
Permissions are minimal and specific

Data Retention

Conversation data is retained as configured
You can request data deletion
See our Privacy Policy for details

Security Best Practices

For Admins

Enable MFA – Protect admin accounts with multi-factor authentication
Review access regularly – Remove users who no longer need access
Use strong passwords – Enforce password requirements
Limit admin accounts – Only give admin access when necessary

For All Users

Don't share credentials – Each user should have their own account
Use unique passwords – Don't reuse passwords from other sites
Report suspicious activity – Contact your admin if something seems wrong
Log out on shared devices – Always log out when done

Compliance

Opally is designed with compliance in mind:

GDPR-compliant data handling
Data processing agreements available
Secure infrastructure on major cloud providers

Reporting Security Issues

If you discover a security vulnerability:

Email: info@opally.com
Include details about the issue
Don't disclose publicly until resolved

We take all reports seriously and will respond promptly.

PreviousEmail Filters

Last updated 10 days ago

Good morning

hashtagAuthentication

hashtagEmail & Password

hashtagMulti-Factor Authentication (MFA)

hashtagSupported Authenticator Apps

hashtagMFA Backup Codes

hashtagData Security

hashtagEncryption

hashtagOAuth Integrations

hashtagData Retention

hashtagSecurity Best Practices

hashtagFor Admins

hashtagFor All Users

hashtagCompliance

hashtagReporting Security Issues